Internal Verizon data was exposed, but the breach did not impact customers Scott Olson/Getty Images

A database containing sensitive – and potentially confidential – internal information linked to US communications giant Verizon Wireless was recently found on the web without adequate password protection, a team of US cybersecurity researchers has revealed.

On 20 September 2017, experts from Kromtech – a security division of software company MacKeeper – found a publicly accessible Amazon Web Services (AWS) database (also known as an S3 bucket) that contained roughly 100MB of Verizon Wireless files and folders.

The data, the team found upon analysis, was linked to a Verizon system known as Distributed Vision Services (DVS), which is used to manage front-end applications.

Kromtechsaid in its report – published Friday (22 September) – that two of the files were named "VZ Confidential" and "Verizon Confidential".

The folders allegedly included usernames and passwords that could have "easily allowed access to other parts of Verizon's internal network." It is not believed that customer data was exposed in the leak.

One of the exposed files contained more than 120 Outlook emails, with some referencing internal communications, logs and servers.

Kromtech researchers said that the database – which has now been removed – was "self-owned" by a Verizon Wireless engineer and not managed by the company.

A Verizon spokesperson did not immediately respond to request for comment fromIBTimes UK.

The employee responsible for the database was not named by the cybersecurity firm, and it remains unclear how long the data was publicly accessible.

According to the team's report, the Verizon staffer later claimed– despite the seemingly sensitive file names – "no confidential stuff" was put at risk.

Bob Diachenko, Kromtech's chief security officer, said following the fresh disclosure: "Our primary goal is to notify and secure the data, not dispute if [Verizon] is being honest or not."

"As more and more data leaks occur it makes consumers, and average individuals more vulnerable online," he continued. "We believe that companies have an obligation to not only take the proper security measures but also protect the data their employees collect and store".